Why You Need A Better Password Management System

Why You Need A Better Password Management System

Did you know that when you allow a web browser - like Chrome, Firefox or Safari - to store passwords, you're putting your network security at risk? If a hacker gains remote access to your computer those passwords are readily visible. Don’t think it can happen to you? Think again.

In July of this year, a data leak warning was issued to millions of Google Chrome users. The breach revealed medical records, credit card information, online shopping history, travel arrangements, GPS location, file attachments, photos and more. How? The extensions that were added to Google Chrome provided access to the account credentials of over 4 Million Chrome users, and several Fortune 500 companies.

What can you do to protect yourself? Manage your passwords in a safer platform. For example, we use LastPass - as do most Cyber Security Specialists. So, we’ll talk about the features and benefits of using the LastPass password management platform instead of storing your credentials in your browser of choice, because it is what we are most familiar with. Yes, there are other password management systems - such as 1password, dashlane, and keepass to name just a few - and, while weren’t not in the business of promoting LastPass, we’re just more familiar with it.

Why using a password manager is a cybersecurity best practice

In a great article called, Why Can’t I Just Use my Browser? LastPass writer, Katie Petrillo, explained it this way…

With LastPass, your data is not stored in a single ecosystem (such as your browser). Rather, LastPass syncs all of your data across every browser and device you use.

Your LastPass account is protected by a master password that only you have. The master password is never sent to LastPass servers and can only be retrieved by you. Encryption and decryption happens locally on your device. Their zero-knowledge architecture ensures that they never have the master password, and therefore never have the key to your data.

The term ‘password manager’ is a little misleading. Password managers like LastPass allow you to not only upload passwords, but also add important information like medical IDs, your AAA number, and passport information.

Here are some other great features and benefits…

Password generator: LastPass allows you to generate strong passwords right from the ‘new password’ field or your browser extension. So no more using the same password for several different sites; the built-in password generator creates long, randomized passwords - for each account you log into - that protect against hacking.

Payment cards & addresses: When you're ready to make a purchase, your profile will fill all your payment and shipping details for you. With LastPass, securely storing those details in your vault means you can fill them in just a few clicks.

Store Digital Records: Some things shouldn't be sent in a text. Conveniently and safely share select passwords and notes with anyone you choose. Insurance cards, memberships, Wi-Fi passwords... keep them all safe and easy to find.

Security Challenge: Put your passwords to the test with the Security Challenge and find any weak, duplicate, and potentially-insecure passwords.

Sharing and Disaster Recovery (DR): If an employee suddenly leaves, you can revoke their LastPass privileges, but still retain access to the passwords, and credentials they created; unlike information that was stored in their browser. And, if you choose to share specific items with a trusted friend, colleague, or family member they can access important information in cases of emergency or crisis.

Need a more convincing reason to use a better password management system? Consider this… In one unfortunate event, a CEO of a major corporation died suddenly. He never shared his passwords, and now his customers can’t access $190 million dollars. The CBC broke the story after Gerald Cotten, a 30 year old CEO of crypto exchange QuadrigaCX, died suddenly due to complications with Crohn's disease, while on a trip to India. What makes the story worse, is that even though his widow has his encrypted laptop in her possession, neither she nor a company they hired to try to hack the passwords has been able to crack the code.

Related infographic: The Top 10 Reasons Hackers Love Consumers and Employees, CLICK HERE.

The reason why LastPass is preferred by security professionals is because of its “zero knowledge” system of securing itself. You use LastPass through a browser extension. It does not store your data locally on your computer. So for it to be compromised, the attacker would have to take control of your computer and use Lastpass as you from your own computer which (currently) is a rather rare/nonexistent threat vector right now.

In short, nearly 17 million people and 60,000 businesses trust LastPass for their password management. There are even free individual plans available, but you can also consider upgrading to the premium or family plan for individuals, and to the Team, Enterprise, MFA or Identity plans for businesses.

With that in mind, here’s what you should know before making the change.

We recommend that you first sign up for a free LastPass (Personal) account. If you are storing passwords in your browser, you don’t want to delete them just yet. LastPass will import your passwords to get you started. THEN you should remove/disable the password manager in your browser.

Related: How to Manage Google’s Password Settings, CLICK HERE.

If we can help with this or any other issue, please contact us today.